This invention is related in general to decryption of digital information and more specifically to a system for securely decrypting streamed digital media such as digital video played back at a set-top box or computer system.
A typical streaming media system uses codecs for compression, streaming formats for content delivery, and players for recreating the content at the end user's site. Codec formats include Indeo R3.1 Video Codec from Intel and Cinepak Video Codec from SuperMatch. Streaming formats are based on protocol families, such as RTP/RTCP as standardized by the IETF. Player frameworks include QuickTime from Apple Computer, Inc., RealOne from Real Networks, etc., that use plug-ins or other mechanisms that support processes to decode audio and/or visual information for a presentation. For example, QuickTime is a popular framework for streaming the standard promulgated by the Moving Picture Experts Group (MPEG) known as MPEG-4. By modifying the content information according to the coding and decoding rules of the codec, the size of the information is reduced. The resulting compression ratio is very useful to reduce requirements of a communication channel, such as the Internet, to stream the production to potentially many thousands of users for presentation. A user's playback platform includes a processor that executes the codec. The production can be captured and streamed in real-time (e.g., a “live” presentation), or the production can be a pre-recorded (i.e., stored) file. In either case, the production is transferred to a user or users in a unicast, broadcast, multicast or other distribution scheme.
Security is an important aspect of streamed media. Content owners and distributors desire to limit streamed media production availability only to those users who are paying customers. One way to enforce ownership rights is to encrypt the streamed information so that it is not subject to viewing, copying, transfer or other handling by unauthorized persons. Of course, the production must be decrypted at some time prior to presentation to a user. A security weakness is created at the point in a playback system where the information has been decrypted and is “in the clear.” Such decrypted information is more readily subject to unauthorized use.
Today's streamed media is usually streamed over digital networks, such as the Internet, corporate or campus intranets, local area networks (LANs), home networks, etc., via packet-oriented protocols such as User Datagram Protocol (UDP) or Transmission Control Protocol/Internet Protocol (TCP/IP). A packet is a small unit of the digital information. Packets can be sent or received out-of-order. As such, a receiver, or playback device, must re-assemble the received packets in addition to performing decoding and decryption operations.
FIG. 1A is a prior art diagram illustrating an exemplary streaming media playback device that includes the functions of re-assembly, decryption and decoding.
In FIG. 1A, encoded and encrypted packets 20 making up streaming media content are obtained from a source such as Internet 10. The packets are received by a user's playback device 30, or other platform such as a television set-top box, and are transferred internal to the playback device via bus 32. Note that the packets transferred on bus 32 are still encrypted and so security is maintained.
Reassembler 34 obtains the encrypted, encoded packets and decrypts them by utilizing decryption resource 40. Reassembler 34 typically needs to perform decryption prior to reassembly of the packets because, in general, the content is encrypted at the packet level in order to facilitate network transport. Packets must be reassembled in order to perform the decoding process as the units of information that are handled by the decoding process usually include many packets of information. The reassembled packets are used to derive access units according to the encoding format (e.g., MPEG-4 format). In generating the access unit, the reassembler must strip off all the packet header information and piece together the packet payloads in order to reassemble the access unit. As such, once the decoder processes the access unit, it is unaware that the access unit was ever packetized, and, in general, is not capable of determining where the packet boundaries were.
Assembled and decrypted information is transferred via bus 36 to a decoder 38 (e.g., MPEG-4 video decoder) for eventual presentation on output devices, shown at 50, such as a video screen for video or the system's speaker for audio media. Note that in the approach of FIG. 1A, unencrypted information is output by reassembler 34 onto bus 36. This provides a point at which the information can be obtained for unauthorized use. This point in the system is even more appealing to a would-be DRM violator since the information is unencrypted yet still encoded. In other words, the information is readable and is still in a compact form (e.g., some 30 times or more smaller than decoded) so that it can be more easily copied, stored, transferred, sold, etc.
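The following Python model of the FIG. 1A data path is an added illustration, not code from the patent: packets encrypted individually arrive out of order, the reassembler decrypts each one, strips its header and joins the payloads, and the result handed to the decoder is a cleartext access unit with no trace of packet boundaries. The 8-byte header layout, the HMAC-based toy keystream standing in for decryption resource 40, and all names and sample bytes are assumptions constructed for the example.

```python
import hashlib
import hmac
import random
import struct

# Assumed header: access-unit id, sequence number, packet count.
HEADER = struct.Struct("!IHH")

def keystream(key, au_id, seq, n):
    # Toy per-packet keystream; a stand-in for decryption resource 40, not a real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        msg = struct.pack("!IHI", au_id, seq, ctr)
        out += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def packetize(key, au_id, access_unit, mtu):
    # Sender side: split the encoded access unit and encrypt each packet on its own.
    chunks = [access_unit[i:i + mtu] for i in range(0, len(access_unit), mtu)]
    return [HEADER.pack(au_id, seq, len(chunks))
            + xor(c, keystream(key, au_id, seq, len(c)))
            for seq, c in enumerate(chunks)]

def reassemble(key, packets):
    # Model of reassembler 34: decrypt per packet, strip headers, join payloads.
    clear, au, total = {}, None, None
    for pkt in packets:
        au_id, seq, count = HEADER.unpack_from(pkt)
        if au is not None and (au_id, count) != (au, total):
            raise ValueError("packets from different access units")
        au, total = au_id, count
        body = pkt[HEADER.size:]
        clear[seq] = xor(body, keystream(key, au_id, seq, len(body)))
    if total is None or set(clear) != set(range(total)):
        raise ValueError("access unit incomplete")
    # What leaves here (bus 36) is unencrypted but still encoded.
    return b"".join(clear[s] for s in range(total))

def demo():
    key = b"constructed-demo-key"
    access_unit = bytes(range(256)) * 4      # constructed stand-in for encoded media
    packets = packetize(key, 7, access_unit, mtu=300)
    wire = packets[:]
    random.Random(1).shuffle(wire)           # packets may arrive out of order
    return access_unit, packets, reassemble(key, wire)
```
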